@artatol-acp/auth-nextjs 0.5.8 → 0.5.10
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +61 -10
- package/dist/middleware.js.map +1 -1
- package/dist/proxy.d.ts.map +1 -1
- package/dist/proxy.js +61 -10
- package/dist/proxy.js.map +1 -1
- package/package.json +1 -1
package/dist/middleware.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;AASF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,IAiB/B,SAAS,WAAW,oCAsH7D"}
|
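--- a/package/dist/middleware.js
+++ b/package/dist/middleware.js
@@ -27,17 +27,17 @@ export function createACPAuthMiddleware(options) {
 return NextResponse.redirect(url);
 }
 // Try to refresh
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -45,6 +45,17 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 // Verify access token
@@ -65,17 +76,17 @@ export function createACPAuthMiddleware(options) {
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -83,12 +94,41 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 };
 }
+function extractRefreshTokenFromCookies(response) {
+// Try getSetCookie() first (returns array of individual Set-Cookie headers)
+const setCookies = response.headers.getSetCookie?.();
+if (setCookies && setCookies.length > 0) {
+for (const cookie of setCookies) {
+const match = cookie.match(/refresh_token=([^;]+)/);
+if (match)
+return match[1];
+}
+}
+// Fallback to get('set-cookie')
+const setCookieHeader = response.headers.get('set-cookie');
+if (!setCookieHeader)
+return null;
+const match = setCookieHeader.match(/refresh_token=([^;]+)/);
+return match ? match[1] : null;
+}
 async function tryRefresh(baseUrl, apiKey, refreshToken) {
 try {
+console.log('[ACP Auth Proxy] Attempting refresh...');
 const response = await fetch(`${baseUrl}/refresh`, {
 method: 'POST',
 headers: {
@@ -97,16 +137,27 @@ async function tryRefresh(baseUrl, apiKey, refreshToken) {
 Cookie: `refresh_token=${refreshToken}`,
 },
 });
+console.log('[ACP Auth Proxy] Refresh response status:', response.status);
 if (!response.ok) {
+const text = await response.text();
+console.log('[ACP Auth Proxy] Refresh failed:', text);
 return null;
 }
 const data = await response.json();
 if (!data.success || !data.data?.accessToken) {
+console.log('[ACP Auth Proxy] Invalid response data');
 return null;
 }
-
+// Extract new refresh token from Set-Cookie header (server rotates tokens)
+const newRefreshToken = extractRefreshTokenFromCookies(response);
+console.log('[ACP Auth Proxy] New refresh token extracted:', newRefreshToken ? 'yes' : 'no');
+return {
+accessToken: data.data.accessToken,
+refreshToken: newRefreshToken,
+};
 }
-catch {
+catch (error) {
+console.error('[ACP Auth Proxy] Refresh error:', error);
 return null;
 }
 }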
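Review bot: The pattern `/refresh_token=([^;]+)/` in `extractRefreshTokenFromCookies` is not anchored to the cookie name, so it also matches a cookie whose name merely ends in `refresh_token`, or another cookie's value that contains that text, and whatever it captures is then written into the browser's `refresh_token` cookie. On the `getSetCookie()` path each entry is a single Set-Cookie line, so `cookie.match(/^refresh_token=([^;]+)/)` is enough; the `get('set-cookie')` fallback sees the headers joined with commas and needs something like `/(?:^|,\s*)refresh_token=([^;]+)/`. The captured value is handed to `response.cookies.set` without decoding, so if the server percent-encodes the token and the cookie API encodes it again, the stored value would no longer match what was issued; that is worth confirming against the server. The same function is added to package/dist/proxy.js.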
package/dist/middleware.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;AAqB3D,IAAI,SAAS,GAAmB,IAAI,CAAC;AAErC,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EACJ,OAAO,EACP,MAAM,EACN,YAAY,EACZ,WAAW,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC,EAC5G,SAAS,GAAG,QAAQ,EACpB,OAAO,EAAE,YAAY,GAAG,EAAE,GAC3B,GAAG,OAAO,CAAC;IAEZ,MAAM,EACJ,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,UAAU,GAAG,GAAG,EACtB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAC9C,QAAQ,GAAG,KAAK,GACjB,GAAG,YAAY,CAAC;IAEjB,OAAO,KAAK,UAAU,iBAAiB,CAAC,OAAoB;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAErC,qBAAqB;QACrB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAEjE,qCAAqC;QACrC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,iBAAiB;YACjB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;g
BAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,SAAS,EAAE;gBACtC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;YAC3C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;
AAED,SAAS,8BAA8B,CAAC,QAAkB;IACxD,4EAA4E;IAC5E,MAAM,UAAU,GAAI,QAAQ,CAAC,OAA6C,CAAC,YAAY,EAAE,EAAE,CAAC;IAC5F,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAc,EACd,YAAoB;IAEpB,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QAEtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,MAAM;gBACnB,MAAM,EAAE,iBAAiB,YAAY,EAAE;aACxC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,2CAA2C,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE1E,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,kCAAkC,EAAE,IAAI,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2EAA2E;QAC3E,MAAM,eAAe,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE7F,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,YAAY,EAAE,eAAe;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/dist/proxy.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;
|
|
1
|
+
{"version":3,"file":"proxy.d.ts","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGxD,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE;QACR,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;KACtC,CAAC;CACH,CAAC;AASF,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,wBAAwB,IAiB/B,SAAS,WAAW,oCAsH7D"}
|
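--- a/package/dist/proxy.js
+++ b/package/dist/proxy.js
@@ -27,17 +27,17 @@ export function createACPAuthMiddleware(options) {
 return NextResponse.redirect(url);
 }
 // Try to refresh
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -45,6 +45,17 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 // Verify access token
@@ -65,17 +76,17 @@ export function createACPAuthMiddleware(options) {
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-const
-if (!
+const result = await tryRefresh(baseUrl, apiKey, refreshToken);
+if (!result) {
 // Refresh failed, redirect to login
 const url = request.nextUrl.clone();
 url.pathname = loginPath;
 url.searchParams.set('from', pathname);
 return NextResponse.redirect(url);
 }
-// Set new
+// Set new tokens and continue
 const response = NextResponse.next();
-response.cookies.set('access_token',
+response.cookies.set('access_token', result.accessToken, {
 httpOnly: true,
 secure,
 sameSite,
@@ -83,12 +94,41 @@ export function createACPAuthMiddleware(options) {
 path: cookiePath,
 ...(cookieDomain && { domain: cookieDomain }),
 });
+// Update refresh token if rotated
+if (result.refreshToken) {
+response.cookies.set('refresh_token', result.refreshToken, {
+httpOnly: true,
+secure,
+sameSite,
+maxAge: 60 * 60 * 24 * 7, // 7 days (matches server)
+path: cookiePath,
+...(cookieDomain && { domain: cookieDomain }),
+});
+}
 return response;
 }
 };
 }
+function extractRefreshTokenFromCookies(response) {
+// Try getSetCookie() first (returns array of individual Set-Cookie headers)
+const setCookies = response.headers.getSetCookie?.();
+if (setCookies && setCookies.length > 0) {
+for (const cookie of setCookies) {
+const match = cookie.match(/refresh_token=([^;]+)/);
+if (match)
+return match[1];
+}
+}
+// Fallback to get('set-cookie')
+const setCookieHeader = response.headers.get('set-cookie');
+if (!setCookieHeader)
+return null;
+const match = setCookieHeader.match(/refresh_token=([^;]+)/);
+return match ? match[1] : null;
+}
 async function tryRefresh(baseUrl, apiKey, refreshToken) {
 try {
+console.log('[ACP Auth Proxy] Attempting refresh...');
 const response = await fetch(`${baseUrl}/refresh`, {
 method: 'POST',
 headers: {
@@ -97,16 +137,27 @@ async function tryRefresh(baseUrl, apiKey, refreshToken) {
 Cookie: `refresh_token=${refreshToken}`,
 },
 });
+console.log('[ACP Auth Proxy] Refresh response status:', response.status);
 if (!response.ok) {
+const text = await response.text();
+console.log('[ACP Auth Proxy] Refresh failed:', text);
 return null;
 }
 const data = await response.json();
 if (!data.success || !data.data?.accessToken) {
+console.log('[ACP Auth Proxy] Invalid response data');
 return null;
 }
-
+// Extract new refresh token from Set-Cookie header (server rotates tokens)
+const newRefreshToken = extractRefreshTokenFromCookies(response);
+console.log('[ACP Auth Proxy] New refresh token extracted:', newRefreshToken ? 'yes' : 'no');
+return {
+accessToken: data.data.accessToken,
+refreshToken: newRefreshToken,
+};
 }
-catch {
+catch (error) {
+console.error('[ACP Auth Proxy] Refresh error:', error);
 return null;
 }
 }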
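Review bot: `tryRefresh` now writes the raw body of a failed refresh response to the log (`console.log('[ACP Auth Proxy] Refresh failed:', text)`) and the whole caught error object (`console.error('[ACP Auth Proxy] Refresh error:', error)`), unconditionally, on a path that runs inside request middleware. Whatever the auth server puts in that body ends up in the host application's logs, and an application using this package has no way to switch the output off. I would log the status only, for example `console.warn('[ACP Auth Proxy] Refresh failed with status', response.status);`, and put the remaining progress messages behind an opt-in debug setting. Two request-header lines of `tryRefresh` fall between the last two hunks and are not shown, so this is based on the visible lines; the same logging is added to package/dist/middleware.js.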
package/dist/proxy.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"proxy.js","sourceRoot":"","sources":["../src/proxy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAgB,MAAM,MAAM,CAAC;AAqB3D,IAAI,SAAS,GAAmB,IAAI,CAAC;AAErC,MAAM,UAAU,uBAAuB,CAAC,OAAiC;IACvE,MAAM,EACJ,OAAO,EACP,MAAM,EACN,YAAY,EACZ,WAAW,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,eAAe,EAAE,aAAa,CAAC,EAC5G,SAAS,GAAG,QAAQ,EACpB,OAAO,EAAE,YAAY,GAAG,EAAE,GAC3B,GAAG,OAAO,CAAC;IAEZ,MAAM,EACJ,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,UAAU,GAAG,GAAG,EACtB,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAC9C,QAAQ,GAAG,KAAK,GACjB,GAAG,YAAY,CAAC;IAEjB,OAAO,KAAK,UAAU,iBAAiB,CAAC,OAAoB;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;QAErC,qBAAqB;QACrB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YAC1D,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,gDAAgD;QAChD,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACjC,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,KAAK,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,KAAK,CAAC;QAEjE,qCAAqC;QACrC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,sCAAsC;gBACtC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,iBAAiB;YACjB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI
,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC;YACH,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,MAAM,SAAS,CAAC,WAAW,EAAE,SAAS,EAAE;gBACtC,UAAU,EAAE,CAAC,OAAO,CAAC;aACtB,CAAC,CAAC;YAEH,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,2CAA2C;YAC3C,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,oCAAoC;gBACpC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,SAAS,CAAC;gBACzB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACvC,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YACpC,CAAC;YAED,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,CAAC;YACrC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,EAAE;gBACvD,QAAQ,EAAE,IAAI;gBACd,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,EAAE,GAAG,CAAC,EAAE,YAAY;gBAC5B,IAAI,EAAE,UAAU;gBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;aAC9C,CAAC,CAAC;YAEH,kCAAkC;YAClC,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;gBACxB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,YAAY,EAAE;oBACzD,QAAQ,EAAE,IAAI;oBACd,MAAM;oBACN,QAAQ;oBACR,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,0BAA0B;oBACpD,IAAI,EAAE,UAAU;oBAChB,GAAG,CAAC,YAAY,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;iBAC9C,CAAC,CAAC;YACL,CAAC;YAED,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,
8BAA8B,CAAC,QAAkB;IACxD,4EAA4E;IAC5E,MAAM,UAAU,GAAI,QAAQ,CAAC,OAA6C,CAAC,YAAY,EAAE,EAAE,CAAC;IAC5F,IAAI,UAAU,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3D,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,OAAe,EACf,MAAc,EACd,YAAoB;IAEpB,IAAI,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;QAEtD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,WAAW,EAAE,MAAM;gBACnB,MAAM,EAAE,iBAAiB,YAAY,EAAE;aACxC;SACF,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,2CAA2C,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAE1E,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,kCAAkC,EAAE,IAAI,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2EAA2E;QAC3E,MAAM,eAAe,GAAG,8BAA8B,CAAC,QAAQ,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,+CAA+C,EAAE,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAE7F,OAAO;YACL,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,WAAW;YAClC,YAAY,EAAE,eAAe;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED